On 10/30/2013 12:39 PM, Christian Boltz wrote: > Hello, > > dnsmasq needs read access to more files in /var/lib/libvirt/dnsmasq/ > (at least *.conf and *.addnhosts) > > Since this directory contains only files that are intended for dnsmasq > (also confirmed by Jim Fehlig, the SUSE libvirt maintainer), the best > way is to just allow "/var/lib/libvirt/dnsmasq/* r," > > References: https://bugzilla.novell.com/show_bug.cgi?id=848215 > > I propose this patch for trunk and the 2.8 branch. > > > === modified file 'profiles/apparmor.d/usr.sbin.dnsmasq' > > > --- profiles/apparmor.d/usr.sbin.dnsmasq 2013-08-20 22:52:22 > +++ profiles/apparmor.d/usr.sbin.dnsmasq 2013-10-30 19:33:18 > @@ -43,10 +43,10 @@ > @{TFTP_DIR}/ r, > @{TFTP_DIR}/** r, > > - # libvirt lease and hosts files for dnsmasq > + # libvirt config, lease and hosts files for dnsmasq > /var/lib/libvirt/dnsmasq/ r, > + /var/lib/libvirt/dnsmasq/* r, > /var/lib/libvirt/dnsmasq/*.leases rw, > - /var/lib/libvirt/dnsmasq/*.hostsfile r, > > # libvirt pid files for dnsmasq > /{,var/}run/libvirt/network/ r, >
+1 for trunk and 2.8 -- Jamie Strandboge http://www.ubuntu.com/ -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
